diff options
author | Ian Delaney <idella4@gentoo.org> | 2013-01-30 09:09:01 +0000 |
---|---|---|
committer | Ian Delaney <idella4@gentoo.org> | 2013-01-30 09:09:01 +0000 |
commit | f06b594d727ff33279d3bb077ca1af0243a5fe54 (patch) | |
tree | d173d9a4d779966c3eb2a6469d6a54c1ebcfda67 /app-emulation/xen-tools | |
parent | sci-chemistry/pymol-plugins-promol: Move to new python eclasses, #453574 (diff) | |
download | gentoo-2-f06b594d727ff33279d3bb077ca1af0243a5fe54.tar.gz gentoo-2-f06b594d727ff33279d3bb077ca1af0243a5fe54.tar.bz2 gentoo-2-f06b594d727ff33279d3bb077ca1af0243a5fe54.zip |
revbump;-4.2.0-r3; adjustments to DEPS, implementation of ocaml flag courtesy of user known as 'a.m' wrt Bug #447716, reconstitution of ipxe-nopie with subsequent add of -4-add-nopie.patch, new use ocaml added and implemented (possible to rename), sed statements reduced to patches, 2 sec. patches applied, build & install of docs corrected/upgrade. 4.2.1-r1; changes mirrored those to 4.2.0-r3, add of 1 valid sec. patch. Drop un-needed -3.4.2-as-needed.patch
(Portage version: 2.1.11.40/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Diffstat (limited to 'app-emulation/xen-tools')
11 files changed, 1380 insertions, 23 deletions
diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog index 7e74214401a8..f75da1b7df87 100644 --- a/app-emulation/xen-tools/ChangeLog +++ b/app-emulation/xen-tools/ChangeLog @@ -1,6 +1,24 @@ # ChangeLog for app-emulation/xen-tools # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.128 2013/01/24 08:53:49 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.129 2013/01/30 09:09:01 idella4 Exp $ + +*xen-tools-4.2.0-r3 (30 Jan 2013) +*xen-tools-4.2.1-r1 (30 Jan 2013) + + 30 Jan 2013; Ian Delaney <idella4@gentoo.org> + +files/xen-4-CVE-2012-4544-XSA-25.patch, + +files/xen-4-CVE-2012-6075-XSA-41.patch, +files/xen-4-fix_dotconfig-gcc.patch, + +files/xen-tools-4-add-nopie.patch, +files/xen-tools-4-docfix.patch, + +xen-tools-4.2.0-r3.ebuild, +xen-tools-4.2.1-r1.ebuild, + -files/xen-tools-3.4.2-as-needed.patch, files/ipxe-nopie.patch, + xen-tools-4.2.0-r2.ebuild: + revbump;-4.2.0-r3; adjustments to DEPS, implementation of ocaml flag courtesy + of user known as 'a.m' wrt Bug #447716, reconstitution of ipxe-nopie with + subsequent add of -4-add-nopie.patch, new use ocaml added and implemented + (possible to rename), sed statements reduced to patches, 2 sec. patches + applied, build & install of docs corrected/upgrade. 4.2.1-r1; changes mirrored + those to 4.2.0-r3, add of 1 valid sec. patch. Drop un-needed -3.4.2-as- + needed.patch 24 Jan 2013; Ian Delaney <idella4@gentoo.org> -xen-tools-4.1.2-r2.ebuild, -xen-tools-4.2.0-r1.ebuild, xen-tools-4.2.0-r2.ebuild, xen-tools-4.2.1.ebuild: diff --git a/app-emulation/xen-tools/files/ipxe-nopie.patch b/app-emulation/xen-tools/files/ipxe-nopie.patch index 3de06dc89f7e..86dc9a32ad2b 100644 --- a/app-emulation/xen-tools/files/ipxe-nopie.patch +++ b/app-emulation/xen-tools/files/ipxe-nopie.patch @@ -4,8 +4,8 @@ * /tools/firmware/etherboot/patches/ipxe-nopie.patche New patch * /tools/firmware/etherboot/patches/series Add ipxe-nopie.patch ---- a/tools/firmware/etherboot/patches/ipxe-nopie.patch 1970-01-01 01:00:00.000000000 +0100 -+++ b/tools/firmware/etherboot/patches/ipxe-nopie.patch 2011-03-27 17:45:13.929697782 +0200 +#--- tools/firmware/etherboot/patches/ipxe-nopie.patch 1970-01-01 01:00:00.000000000 +0100 +#+++ tools/firmware/etherboot/patches/ipxe-nopie.patch 2011-03-27 17:45:13.929697782 +0200 @@ -0,0 +1,11 @@ +--- ipxe/src/Makefile~ 2011-03-27 17:41:52.000000000 +0200 ++++ ipxe/src/Makefile 2011-03-27 17:43:20.869446433 +0200 @@ -18,9 +18,3 @@ + ASFLAGS := + LDFLAGS := + MAKEDEPS := Makefile ---- a/tools/firmware/etherboot/patches/series 2011-03-25 11:42:50.000000000 +0100 -+++ b/tools/firmware/etherboot/patches/series 2011-03-27 17:45:45.140446216 +0200 -build_fix_1.patch -build_fix_2.patch -build_fix_3.patch -+ipxe-nopie.patch diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2012-4544-XSA-25.patch b/app-emulation/xen-tools/files/xen-4-CVE-2012-4544-XSA-25.patch new file mode 100644 index 000000000000..35b9338341cf --- /dev/null +++ b/app-emulation/xen-tools/files/xen-4-CVE-2012-4544-XSA-25.patch @@ -0,0 +1,369 @@ + +# HG changeset patch +# User Ian Jackson <Ian.Jackson@eu.citrix.com> +# Date 1351264255 -3600 +# Node ID 537776f51f79c5789d06f97b363596a197c3e71c +# Parent 40ccbee890e1fc053de3046bbc3d13b8ff6f5d63 +libxc: builder: limit maximum size of kernel/ramdisk. + +Allowing user supplied kernels of arbitrary sizes, especially during +decompression, can swallow up dom0 memory leading to either virtual +address space exhaustion in the builder process or allocation +failures/OOM killing of both toolstack and unrelated processes. + +We disable these checks when building in a stub domain for pvgrub +since this uses the guest's own memory and is isolated. + +Decompression of gzip compressed kernels and ramdisks has been safe +since 14954:58205257517d (Xen 3.1.0 onwards). + +This is XSA-25 / CVE-2012-4544. + +Also make explicit checks for buffer overflows in various +decompression routines. These were already ruled out due to other +properties of the code but check them as a belt-and-braces measure. + +Signed-off-by: Ian Campbell <ian.campbell@citrix.com> +Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> + +diff -r 40ccbee890e1 -r 537776f51f79 stubdom/grub/kexec.c +--- stubdom/grub/kexec.c Thu Oct 25 15:36:32 2012 +0200 ++++ stubdom/grub/kexec.c Fri Oct 26 16:10:55 2012 +0100 +@@ -137,6 +137,10 @@ void kexec(void *kernel, long kernel_siz + dom = xc_dom_allocate(xc_handle, cmdline, features); + dom->allocate = kexec_allocate; + ++ /* We are using guest owned memory, therefore no limits. */ ++ xc_dom_kernel_max_size(dom, 0); ++ xc_dom_ramdisk_max_size(dom, 0); ++ + dom->kernel_blob = kernel; + dom->kernel_size = kernel_size; + +diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom.h +--- tools/libxc/xc_dom.h Thu Oct 25 15:36:32 2012 +0200 ++++ tools/libxc/xc_dom.h Fri Oct 26 16:10:55 2012 +0100 +@@ -55,6 +55,9 @@ struct xc_dom_image { + void *ramdisk_blob; + size_t ramdisk_size; + ++ size_t max_kernel_size; ++ size_t max_ramdisk_size; ++ + /* arguments and parameters */ + char *cmdline; + uint32_t f_requested[XENFEAT_NR_SUBMAPS]; +@@ -180,6 +183,23 @@ void xc_dom_release_phys(struct xc_dom_i + void xc_dom_release(struct xc_dom_image *dom); + int xc_dom_mem_init(struct xc_dom_image *dom, unsigned int mem_mb); + ++/* Set this larger if you have enormous ramdisks/kernels. Note that ++ * you should trust all kernels not to be maliciously large (e.g. to ++ * exhaust all dom0 memory) if you do this (see CVE-2012-4544 / ++ * XSA-25). You can also set the default independently for ++ * ramdisks/kernels in xc_dom_allocate() or call ++ * xc_dom_{kernel,ramdisk}_max_size. ++ */ ++#ifndef XC_DOM_DECOMPRESS_MAX ++#define XC_DOM_DECOMPRESS_MAX (1024*1024*1024) /* 1GB */ ++#endif ++ ++int xc_dom_kernel_check_size(struct xc_dom_image *dom, size_t sz); ++int xc_dom_kernel_max_size(struct xc_dom_image *dom, size_t sz); ++ ++int xc_dom_ramdisk_check_size(struct xc_dom_image *dom, size_t sz); ++int xc_dom_ramdisk_max_size(struct xc_dom_image *dom, size_t sz); ++ + size_t xc_dom_check_gzip(xc_interface *xch, + void *blob, size_t ziplen); + int xc_dom_do_gunzip(xc_interface *xch, +@@ -240,7 +260,8 @@ void xc_dom_log_memory_footprint(struct + void *xc_dom_malloc(struct xc_dom_image *dom, size_t size); + void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size); + void *xc_dom_malloc_filemap(struct xc_dom_image *dom, +- const char *filename, size_t * size); ++ const char *filename, size_t * size, ++ const size_t max_size); + char *xc_dom_strdup(struct xc_dom_image *dom, const char *str); + + /* --- alloc memory pool ------------------------------------------- */ +diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom_bzimageloader.c +--- tools/libxc/xc_dom_bzimageloader.c Thu Oct 25 15:36:32 2012 +0200 ++++ tools/libxc/xc_dom_bzimageloader.c Fri Oct 26 16:10:55 2012 +0100 +@@ -47,13 +47,19 @@ static int xc_try_bzip2_decode( + char *out_buf; + char *tmp_buf; + int retval = -1; +- int outsize; ++ unsigned int outsize; + uint64_t total; + + stream.bzalloc = NULL; + stream.bzfree = NULL; + stream.opaque = NULL; + ++ if ( dom->kernel_size == 0) ++ { ++ DOMPRINTF("BZIP2: Input is 0 size"); ++ return -1; ++ } ++ + ret = BZ2_bzDecompressInit(&stream, 0, 0); + if ( ret != BZ_OK ) + { +@@ -66,6 +72,17 @@ static int xc_try_bzip2_decode( + * the input buffer to start, and we'll realloc as needed. + */ + outsize = dom->kernel_size; ++ ++ /* ++ * stream.avail_in and outsize are unsigned int, while kernel_size ++ * is a size_t. Check we aren't overflowing. ++ */ ++ if ( outsize != dom->kernel_size ) ++ { ++ DOMPRINTF("BZIP2: Input too large"); ++ goto bzip2_cleanup; ++ } ++ + out_buf = malloc(outsize); + if ( out_buf == NULL ) + { +@@ -98,13 +115,20 @@ static int xc_try_bzip2_decode( + if ( stream.avail_out == 0 ) + { + /* Protect against output buffer overflow */ +- if ( outsize > INT_MAX / 2 ) ++ if ( outsize > UINT_MAX / 2 ) + { + DOMPRINTF("BZIP2: output buffer overflow"); + free(out_buf); + goto bzip2_cleanup; + } + ++ if ( xc_dom_kernel_check_size(dom, outsize * 2) ) ++ { ++ DOMPRINTF("BZIP2: output too large"); ++ free(out_buf); ++ goto bzip2_cleanup; ++ } ++ + tmp_buf = realloc(out_buf, outsize * 2); + if ( tmp_buf == NULL ) + { +@@ -172,9 +196,15 @@ static int _xc_try_lzma_decode( + unsigned char *out_buf; + unsigned char *tmp_buf; + int retval = -1; +- int outsize; ++ size_t outsize; + const char *msg; + ++ if ( dom->kernel_size == 0) ++ { ++ DOMPRINTF("%s: Input is 0 size", what); ++ return -1; ++ } ++ + /* sigh. We don't know up-front how much memory we are going to need + * for the output buffer. Allocate the output buffer to be equal + * the input buffer to start, and we'll realloc as needed. +@@ -244,13 +274,20 @@ static int _xc_try_lzma_decode( + if ( stream->avail_out == 0 ) + { + /* Protect against output buffer overflow */ +- if ( outsize > INT_MAX / 2 ) ++ if ( outsize > SIZE_MAX / 2 ) + { + DOMPRINTF("%s: output buffer overflow", what); + free(out_buf); + goto lzma_cleanup; + } + ++ if ( xc_dom_kernel_check_size(dom, outsize * 2) ) ++ { ++ DOMPRINTF("%s: output too large", what); ++ free(out_buf); ++ goto lzma_cleanup; ++ } ++ + tmp_buf = realloc(out_buf, outsize * 2); + if ( tmp_buf == NULL ) + { +@@ -359,6 +396,12 @@ static int xc_try_lzo1x_decode( + 0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a + }; + ++ /* ++ * lzo_uint should match size_t. Check that this is the case to be ++ * sure we won't overflow various lzo_uint fields. ++ */ ++ XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t)); ++ + ret = lzo_init(); + if ( ret != LZO_E_OK ) + { +@@ -438,6 +481,14 @@ static int xc_try_lzo1x_decode( + if ( src_len <= 0 || src_len > dst_len || src_len > left ) + break; + ++ msg = "Output buffer overflow"; ++ if ( *size > SIZE_MAX - dst_len ) ++ break; ++ ++ msg = "Decompressed image too large"; ++ if ( xc_dom_kernel_check_size(dom, *size + dst_len) ) ++ break; ++ + msg = "Failed to (re)alloc memory"; + tmp_buf = realloc(out_buf, *size + dst_len); + if ( tmp_buf == NULL ) +diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom_core.c +--- tools/libxc/xc_dom_core.c Thu Oct 25 15:36:32 2012 +0200 ++++ tools/libxc/xc_dom_core.c Fri Oct 26 16:10:55 2012 +0100 +@@ -159,7 +159,8 @@ void *xc_dom_malloc_page_aligned(struct + } + + void *xc_dom_malloc_filemap(struct xc_dom_image *dom, +- const char *filename, size_t * size) ++ const char *filename, size_t * size, ++ const size_t max_size) + { + struct xc_dom_mem *block = NULL; + int fd = -1; +@@ -171,6 +172,13 @@ void *xc_dom_malloc_filemap(struct xc_do + lseek(fd, 0, SEEK_SET); + *size = lseek(fd, 0, SEEK_END); + ++ if ( max_size && *size > max_size ) ++ { ++ xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY, ++ "tried to map file which is too large"); ++ goto err; ++ } ++ + block = malloc(sizeof(*block)); + if ( block == NULL ) + goto err; +@@ -222,6 +230,40 @@ char *xc_dom_strdup(struct xc_dom_image + } + + /* ------------------------------------------------------------------------ */ ++/* decompression buffer sizing */ ++int xc_dom_kernel_check_size(struct xc_dom_image *dom, size_t sz) ++{ ++ /* No limit */ ++ if ( !dom->max_kernel_size ) ++ return 0; ++ ++ if ( sz > dom->max_kernel_size ) ++ { ++ xc_dom_panic(dom->xch, XC_INVALID_KERNEL, ++ "kernel image too large"); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++int xc_dom_ramdisk_check_size(struct xc_dom_image *dom, size_t sz) ++{ ++ /* No limit */ ++ if ( !dom->max_ramdisk_size ) ++ return 0; ++ ++ if ( sz > dom->max_ramdisk_size ) ++ { ++ xc_dom_panic(dom->xch, XC_INVALID_KERNEL, ++ "ramdisk image too large"); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++/* ------------------------------------------------------------------------ */ + /* read files, copy memory blocks, with transparent gunzip */ + + size_t xc_dom_check_gzip(xc_interface *xch, void *blob, size_t ziplen) +@@ -235,7 +277,7 @@ size_t xc_dom_check_gzip(xc_interface *x + + gzlen = blob + ziplen - 4; + unziplen = gzlen[3] << 24 | gzlen[2] << 16 | gzlen[1] << 8 | gzlen[0]; +- if ( (unziplen < 0) || (unziplen > (1024*1024*1024)) ) /* 1GB limit */ ++ if ( (unziplen < 0) || (unziplen > XC_DOM_DECOMPRESS_MAX) ) + { + xc_dom_printf + (xch, +@@ -288,6 +330,9 @@ int xc_dom_try_gunzip(struct xc_dom_imag + if ( unziplen == 0 ) + return 0; + ++ if ( xc_dom_kernel_check_size(dom, unziplen) ) ++ return 0; ++ + unzip = xc_dom_malloc(dom, unziplen); + if ( unzip == NULL ) + return -1; +@@ -588,6 +633,9 @@ struct xc_dom_image *xc_dom_allocate(xc_ + memset(dom, 0, sizeof(*dom)); + dom->xch = xch; + ++ dom->max_kernel_size = XC_DOM_DECOMPRESS_MAX; ++ dom->max_ramdisk_size = XC_DOM_DECOMPRESS_MAX; ++ + if ( cmdline ) + dom->cmdline = xc_dom_strdup(dom, cmdline); + if ( features ) +@@ -608,10 +656,25 @@ struct xc_dom_image *xc_dom_allocate(xc_ + return NULL; + } + ++int xc_dom_kernel_max_size(struct xc_dom_image *dom, size_t sz) ++{ ++ DOMPRINTF("%s: kernel_max_size=%zx", __FUNCTION__, sz); ++ dom->max_kernel_size = sz; ++ return 0; ++} ++ ++int xc_dom_ramdisk_max_size(struct xc_dom_image *dom, size_t sz) ++{ ++ DOMPRINTF("%s: ramdisk_max_size=%zx", __FUNCTION__, sz); ++ dom->max_ramdisk_size = sz; ++ return 0; ++} ++ + int xc_dom_kernel_file(struct xc_dom_image *dom, const char *filename) + { + DOMPRINTF("%s: filename=\"%s\"", __FUNCTION__, filename); +- dom->kernel_blob = xc_dom_malloc_filemap(dom, filename, &dom->kernel_size); ++ dom->kernel_blob = xc_dom_malloc_filemap(dom, filename, &dom->kernel_size, ++ dom->max_kernel_size); + if ( dom->kernel_blob == NULL ) + return -1; + return xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size); +@@ -621,7 +684,9 @@ int xc_dom_ramdisk_file(struct xc_dom_im + { + DOMPRINTF("%s: filename=\"%s\"", __FUNCTION__, filename); + dom->ramdisk_blob = +- xc_dom_malloc_filemap(dom, filename, &dom->ramdisk_size); ++ xc_dom_malloc_filemap(dom, filename, &dom->ramdisk_size, ++ dom->max_ramdisk_size); ++ + if ( dom->ramdisk_blob == NULL ) + return -1; + // return xc_dom_try_gunzip(dom, &dom->ramdisk_blob, &dom->ramdisk_size); +@@ -781,7 +846,11 @@ int xc_dom_build_image(struct xc_dom_ima + void *ramdiskmap; + + unziplen = xc_dom_check_gzip(dom->xch, dom->ramdisk_blob, dom->ramdisk_size); ++ if ( xc_dom_ramdisk_check_size(dom, unziplen) != 0 ) ++ unziplen = 0; ++ + ramdisklen = unziplen ? unziplen : dom->ramdisk_size; ++ + if ( xc_dom_alloc_segment(dom, &dom->ramdisk_seg, "ramdisk", 0, + ramdisklen) != 0 ) + goto err; + + diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2012-6075-XSA-41.patch b/app-emulation/xen-tools/files/xen-4-CVE-2012-6075-XSA-41.patch new file mode 100644 index 000000000000..7513ac3d5cba --- /dev/null +++ b/app-emulation/xen-tools/files/xen-4-CVE-2012-6075-XSA-41.patch @@ -0,0 +1,39 @@ +authorMichael Contreras <michael@inetric.com> + Mon, 3 Dec 2012 04:11:22 +0000 (20:11 -0800) +committerAnthony Liguori <aliguori@us.ibm.com> + Mon, 3 Dec 2012 14:14:10 +0000 (08:14 -0600) + +The e1000_receive function for the e1000 needs to discard packets longer than +1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes +this behavior and allocates memory based on this assumption. + +Signed-off-by: Michael Contreras <michael@inetric.com> +Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> +hw/e1000.c + +--- tools/qemu-xen/hw/e1000.c ++++ tools/qemu-xen/hw/e1000.c +@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); + #define PNPMMIO_SIZE 0x20000 + #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ + ++/* this is the size past which hardware will drop packets when setting LPE=0 */ ++#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 ++ + /* + * HW models: + * E1000_DEV_ID_82540EM works with Windows and Linux +@@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size) + size = sizeof(min_buf); + } + ++ /* Discard oversized packets if !LPE and !SBP. */ ++ if (size > MAXIMUM_ETHERNET_VLAN_SIZE ++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) ++ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { ++ return size; ++ } ++ + if (!receive_filter(s, buf, size)) + return size; + diff --git a/app-emulation/xen-tools/files/xen-4-fix_dotconfig-gcc.patch b/app-emulation/xen-tools/files/xen-4-fix_dotconfig-gcc.patch new file mode 100644 index 000000000000..4e08a30f323e --- /dev/null +++ b/app-emulation/xen-tools/files/xen-4-fix_dotconfig-gcc.patch @@ -0,0 +1,245 @@ +# Fix gcc-4.6 +diff -ur xen-4.2.0.orig/extras/mini-os/minios.mk xen-4.2.0/extras/mini-os/minios.mk +--- extras/mini-os/minios.mk 2012-09-17 18:21:17.000000000 +0800 ++++ extras/mini-os/minios.mk 2012-12-05 14:01:10.653260260 +0800 +@@ -6,7 +6,7 @@ + + # Define some default flags. + # NB. '-Wcast-qual' is nasty, so I omitted it. +-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls ++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls + DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,) + DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline) + DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline +diff -ur xen-4.2.0.orig/tools/libxc/Makefile xen-4.2.0/tools/libxc/Makefile +--- tools/libxc/Makefile 2012-09-17 18:21:18.000000000 +0800 ++++ tools/libxc/Makefile 2012-12-05 14:01:10.653260260 +0800 +@@ -73,7 +73,7 @@ + + -include $(XEN_TARGET_ARCH)/Makefile + +-CFLAGS += -Werror -Wmissing-prototypes ++CFLAGS += -Wmissing-prototypes + CFLAGS += -I. $(CFLAGS_xeninclude) + + # Needed for posix_fadvise64() in xc_linux.c +# Drop .config +diff -ur xen-4.2.0.orig/Config.mk xen-4.2.0/Config.mk +--- Config.mk 2012-09-17 18:23:12.000000000 +0800 ++++ Config.mk 2012-12-05 14:01:10.641260261 +0800 +@@ -7,7 +7,6 @@ Drop .config + # fallback for older make + realpath = $(wildcard $(foreach file,$(1),$(shell cd -P $(dir $(file)) && echo "$$PWD/$(notdir $(file))"))) + +--include $(XEN_ROOT)/.config + + # A debug build of Xen and tools? + debug ?= n +@@ -24,7 +24,7 @@ + + # Tools to run on system hosting the build + HOSTCC = gcc +-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer ++HOSTCFLAGS = -Wstrict-prototypes -O2 -fomit-frame-pointer + HOSTCFLAGS += -fno-strict-aliasing + + DISTDIR ?= $(XEN_ROOT)/dist +@@ -156,7 +156,7 @@ + + CFLAGS += -std=gnu99 + +-CFLAGS += -Wall -Wstrict-prototypes ++CFLAGS += -Wstrict-prototypes + + # Clang complains about macros that expand to 'if ( ( foo == bar ) ) ...' + # and is over-zealous with the printf format lint +diff -ur xen-4.2.1.orig/tools/blktap2/drivers/Makefile xen-4.2.1/tools/blktap2/drivers/Makefile +--- tools/blktap2/drivers/Makefile 2012-12-17 23:00:11.000000000 +0800 ++++ tools/blktap2/drivers/Makefile 2013-01-30 12:31:43.539941099 +0800 +@@ -9,7 +9,7 @@ + LOCK_UTIL = lock-util + INST_DIR = $(SBINDIR) + +-CFLAGS += -Werror -g ++CFLAGS += -g + CFLAGS += -Wno-unused + CFLAGS += -fno-strict-aliasing + CFLAGS += -I$(BLKTAP_ROOT)/include -I$(BLKTAP_ROOT)/drivers +diff -ur xen-4.2.1.orig/tools/debugger/gdbsx/Rules.mk xen-4.2.1/tools/debugger/gdbsx/Rules.mk +--- tools/debugger/gdbsx/Rules.mk 2012-12-17 23:00:22.000000000 +0800 ++++ tools/debugger/gdbsx/Rules.mk 2013-01-30 12:31:43.516941098 +0800 +@@ -1,4 +1,4 @@ + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror -Wmissing-prototypes ++CFLAGS += -Wmissing-prototypes + # (gcc 4.3x and later) -Wconversion -Wno-sign-conversion +diff -ur xen-4.2.1.orig/tools/debugger/xenitp/Makefile xen-4.2.1/tools/debugger/xenitp/Makefile +--- tools/debugger/xenitp/Makefile 2012-12-17 23:00:22.000000000 +0800 ++++ tools/debugger/xenitp/Makefile 2013-01-30 12:31:43.516941098 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-#CFLAGS += -Werror -g -O0 ++#CFLAGS += -g -O0 + + CFLAGS += $(CFLAGS_libxenctrl) + +diff -ur xen-4.2.1.orig/tools/libaio/harness/Makefile xen-4.2.1/tools/libaio/harness/Makefile +--- tools/libaio/harness/Makefile 2012-12-17 23:00:35.000000000 +0800 ++++ tools/libaio/harness/Makefile 2013-01-30 12:31:43.541941099 +0800 +@@ -4,7 +4,7 @@ + HARNESS_SRCS:=main.c + # io_queue.c + +-CFLAGS=-Wall -Werror -g -O -laio ++CFLAGS=-Wall -g -O -laio + #-lpthread -lrt + + all: $(PROGS) +diff -ur xen-4.2.1.orig/tools/libfsimage/Rules.mk xen-4.2.1/tools/libfsimage/Rules.mk +--- tools/libfsimage/Rules.mk 2012-12-17 23:00:36.000000000 +0800 ++++ tools/libfsimage/Rules.mk 2013-01-30 12:31:43.515941097 +0800 +@@ -1,7 +1,7 @@ + include $(XEN_ROOT)/tools/Rules.mk + + CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\" +-CFLAGS += -Werror -D_GNU_SOURCE ++CFLAGS += -D_GNU_SOURCE + LDFLAGS += -L../common/ + + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y)) +diff -ur xen-4.2.1.orig/tools/libxl/Makefile xen-4.2.1/tools/libxl/Makefile +--- tools/libxl/Makefile 2012-12-17 23:01:08.000000000 +0800 ++++ tools/libxl/Makefile 2013-01-30 12:31:43.541941099 +0800 +@@ -11,7 +11,7 @@ + XLUMAJOR = 1.0 + XLUMINOR = 1 + +-CFLAGS += -Werror -Wno-format-zero-length -Wmissing-declarations \ ++CFLAGS += -Wno-format-zero-length -Wmissing-declarations \ + -Wno-declaration-after-statement -Wformat-nonliteral + CFLAGS += -I. -fPIC + +diff -ur xen-4.2.1.orig/tools/qemu-xen/pc-bios/optionrom/Makefile xen-4.2.1/tools/qemu-xen/pc-bios/optionrom/Makefile +--- tools/qemu-xen/pc-bios/optionrom/Makefile 2012-09-11 02:10:52.000000000 +0800 ++++ tools/qemu-xen/pc-bios/optionrom/Makefile 2013-01-30 12:31:43.528941098 +0800 +@@ -9,7 +9,7 @@ + + .PHONY : all clean build-all + +-CFLAGS := -Wall -Wstrict-prototypes -Werror -fomit-frame-pointer -fno-builtin ++CFLAGS := -Wall -Wstrict-prototypes -fomit-frame-pointer -fno-builtin + CFLAGS += -I$(SRC_PATH) + CFLAGS += $(call cc-option, $(CFLAGS), -fno-stack-protector) + QEMU_CFLAGS = $(CFLAGS) +diff -ur xen-4.2.1.orig/tools/vtpm/Rules.mk xen-4.2.1/tools/vtpm/Rules.mk +--- tools/vtpm/Rules.mk 2012-12-17 23:01:35.000000000 +0800 ++++ tools/vtpm/Rules.mk 2013-01-30 12:31:43.515941097 +0800 +@@ -6,7 +6,7 @@ + # + + # General compiler flags +-CFLAGS = -Werror -g3 ++CFLAGS = -g3 + + # Generic project files + HDRS = $(wildcard *.h) +diff -ur xen-4.2.1.orig/tools/vtpm_manager/Rules.mk xen-4.2.1/tools/vtpm_manager/Rules.mk +--- tools/vtpm_manager/Rules.mk 2012-12-17 23:01:35.000000000 +0800 ++++ tools/vtpm_manager/Rules.mk 2013-01-30 12:31:43.511941097 +0800 +@@ -6,7 +6,7 @@ + # + + # General compiler flags +-CFLAGS = -Werror -g3 ++CFLAGS = -g3 + + # Generic project files + HDRS = $(wildcard *.h) +diff -ur xen-4.2.1.orig/tools/xenstat/xentop/Makefile xen-4.2.1/tools/xenstat/xentop/Makefile +--- tools/xenstat/xentop/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/xenstat/xentop/Makefile 2013-01-30 12:31:43.535941098 +0800 +@@ -18,7 +18,7 @@ + all install xentop: + else + +-CFLAGS += -DGCC_PRINTF -Wall -Werror $(CFLAGS_libxenstat) ++CFLAGS += -DGCC_PRINTF -Wall $(CFLAGS_libxenstat) + LDLIBS += $(LDLIBS_libxenstat) $(CURSES_LIBS) $(SOCKET_LIBS) + CFLAGS += -DHOST_$(XEN_OS) + +diff -ur xen-4.2.1.orig/xen/arch/arm/Rules.mk xen-4.2.1/xen/arch/arm/Rules.mk +--- xen/arch/arm/Rules.mk 2012-12-17 23:01:37.000000000 +0800 ++++ xen/arch/arm/Rules.mk 2013-01-30 12:31:43.498941097 +0800 +@@ -9,7 +9,7 @@ + HAS_DEVICE_TREE := y + + CFLAGS += -fno-builtin -fno-common -Wredundant-decls +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe + CFLAGS += -I$(BASEDIR)/include + + # Prevent floating-point variables from creeping into Xen. +diff -ur xen-4.2.1.orig/xen/arch/x86/Rules.mk xen-4.2.1/xen/arch/x86/Rules.mk +--- xen/arch/x86/Rules.mk 2012-12-17 23:01:37.000000000 +0800 ++++ xen/arch/x86/Rules.mk 2013-01-30 12:31:43.490941096 +0800 +@@ -24,7 +24,7 @@ + endif + + CFLAGS += -fno-builtin -fno-common -Wredundant-decls +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe + CFLAGS += -I$(BASEDIR)/include + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default +diff -ur xen-4.2.1.orig/xen/include/Makefile xen-4.2.1/xen/include/Makefile +--- xen/include/Makefile 2012-12-17 23:01:55.000000000 +0800 ++++ xen/include/Makefile 2013-01-30 12:31:43.502941097 +0800 +@@ -78,7 +78,7 @@ + all: headers.chk + + headers.chk: $(filter-out public/arch-% public/%ctl.h public/xsm/% public/%hvm/save.h, $(wildcard public/*.h public/*/*.h) $(public-y)) Makefile +- for i in $(filter %.h,$^); do $(CC) -ansi -include stdint.h -Wall -W -Werror -S -o /dev/null -xc $$i || exit 1; echo $$i; done >$@.new ++ for i in $(filter %.h,$^); do $(CC) -ansi -include stdint.h -Wall -W -S -o /dev/null -xc $$i || exit 1; echo $$i; done >$@.new + mv $@.new $@ + + endif +diff -ur xen-4.2.1.orig/tools/tests/mce-test/tools/Makefile xen-4.2.1/tools/tests/mce-test/tools/Makefile +--- tools/tests/mce-test/tools/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/tests/mce-test/tools/Makefile 2013-01-30 13:01:44.890020152 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_libxenguest) + CFLAGS += $(CFLAGS_libxenstore) +diff -ur xen-4.2.1.orig/tools/tests/mem-sharing/Makefile xen-4.2.1/tools/tests/mem-sharing/Makefile +--- tools/tests/mem-sharing/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/tests/mem-sharing/Makefile 2013-01-30 13:01:44.890020152 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_xeninclude) +diff -ur xen-4.2.1.orig/tools/tests/xen-access/Makefile xen-4.2.1/tools/tests/xen-access/Makefile +--- tools/tests/xen-access/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/tests/xen-access/Makefile 2013-01-30 13:01:44.891020152 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_libxenguest) + diff --git a/app-emulation/xen-tools/files/xen-tools-3.4.2-as-needed.patch b/app-emulation/xen-tools/files/xen-tools-3.4.2-as-needed.patch deleted file mode 100644 index 5d973732fb31..000000000000 --- a/app-emulation/xen-tools/files/xen-tools-3.4.2-as-needed.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- xen-3.4.2.orig/tools/libxc/Makefile 2009-11-10 16:12:56.000000000 +0100 -+++ xen-3.4.2/tools/libxc/Makefile 2009-12-12 18:46:27.547714651 +0100 -@@ -167,9 +167,8 @@ - xc_dom_bzimageloader.o: CFLAGS += $(call zlib-options,D) - xc_dom_bzimageloader.opic: CFLAGS += $(call zlib-options,D) - --libxenguest.so.$(MAJOR).$(MINOR): LDFLAGS += $(call zlib-options,l) - libxenguest.so.$(MAJOR).$(MINOR): $(GUEST_PIC_OBJS) libxenctrl.so -- $(CC) $(CFLAGS) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenguest.so.$(MAJOR) $(SHLIB_CFLAGS) -o $@ $(GUEST_PIC_OBJS) -lz -lxenctrl $(PTHREAD_LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenguest.so.$(MAJOR) $(SHLIB_CFLAGS) -o $@ $(GUEST_PIC_OBJS) -lz -lxenctrl $(PTHREAD_LIBS) $(call zlib-options,l) - - -include $(DEPS) - diff --git a/app-emulation/xen-tools/files/xen-tools-4-add-nopie.patch b/app-emulation/xen-tools/files/xen-tools-4-add-nopie.patch new file mode 100644 index 000000000000..0d8f8237a7f1 --- /dev/null +++ b/app-emulation/xen-tools/files/xen-tools-4-add-nopie.patch @@ -0,0 +1,15 @@ +2011-10-22 Ralf Glauberman <ralfglauberman@gmx.de> + + #360805 Don't compile ipxe with pie on hardened. + * /tools/firmware/etherboot/patches/ipxe-nopie.patche New patch +Reconstituted patch; Tue Jan 29 14:35:13 WST 2013 + +diff -ur xen-4.2.0.orig/tools/firmware/etherboot/patches/series xen-4.2.0/tools/firmware/etherboot/patches/series +--- tools/firmware/etherboot/patches/series 2013-01-29 14:34:10.773520921 +0800 ++++ tools/firmware/etherboot/patches/series 2013-01-29 14:33:31.781519209 +0800 +@@ -2,3 +2,4 @@ + build_fix_1.patch + build_fix_2.patch + build_fix_3.patch ++ipxe-nopie.patch + diff --git a/app-emulation/xen-tools/files/xen-tools-4-docfix.patch b/app-emulation/xen-tools/files/xen-tools-4-docfix.patch new file mode 100644 index 000000000000..c9205a4cab99 --- /dev/null +++ b/app-emulation/xen-tools/files/xen-tools-4-docfix.patch @@ -0,0 +1,12 @@ +diff -ur xen-4.2.0.orig/tools/qemu-xen-traditional/Makefile xen-4.2.0/tools/qemu-xen-traditional/Makefile +--- xen-4.2.0.orig/tools/qemu-xen-traditional/Makefile 2012-09-07 00:05:30.000000000 +0800 ++++ xen-4.2.0/tools/qemu-xen-traditional/Makefile 2013-01-29 11:12:20.502989453 +0800 +@@ -275,7 +275,7 @@ + + # documentation + %.html: %.texi +- texi2html -monolithic -number $< ++ texi2html -monolithic $< + + %.info: %.texi + makeinfo $< -o $@ diff --git a/app-emulation/xen-tools/xen-tools-4.2.0-r2.ebuild b/app-emulation/xen-tools/xen-tools-4.2.0-r2.ebuild index 386048da461d..ec6fe3e3b2b6 100644 --- a/app-emulation/xen-tools/xen-tools-4.2.0-r2.ebuild +++ b/app-emulation/xen-tools/xen-tools-4.2.0-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.0-r2.ebuild,v 1.6 2013/01/24 08:53:49 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.0-r2.ebuild,v 1.7 2013/01/30 09:09:01 idella4 Exp $ EAPI=5 @@ -23,6 +23,7 @@ else $XEN_SEABIOS_URL" S="${WORKDIR}/xen-${PV}" fi + inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass} DESCRIPTION="Xend daemon and tools" @@ -131,6 +132,7 @@ src_prepare() { # Drop .config sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop" + # Xend if ! use xend; then sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \ @@ -138,6 +140,7 @@ src_prepare() { sed -e 's:^XEND_INITD:#XEND_INITD:' \ -i tools/examples/Makefile || die "Disabling xend failed" fi + # if the user *really* wants to use their own custom-cflags, let them if use custom-cflags; then einfo "User wants their own CFLAGS - removing defaults" diff --git a/app-emulation/xen-tools/xen-tools-4.2.0-r3.ebuild b/app-emulation/xen-tools/xen-tools-4.2.0-r3.ebuild new file mode 100644 index 000000000000..ec3116004b10 --- /dev/null +++ b/app-emulation/xen-tools/xen-tools-4.2.0-r3.ebuild @@ -0,0 +1,338 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.0-r3.ebuild,v 1.1 2013/01/30 09:09:01 idella4 Exp $ + +EAPI=5 + +PYTHON_COMPAT=( python{2_6,2_7} ) +PYTHON_REQ_USE='xml,threads' + +IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz" +XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2" + +if [[ $PV == *9999 ]]; then + KEYWORDS="" + REPO="xen-unstable.hg" + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" + S="${WORKDIR}/${REPO}" + live_eclass="mercurial" +else + KEYWORDS="~amd64 ~x86" + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz + $IPXE_TARBALL_URL + $XEN_SEABIOS_URL" + S="${WORKDIR}/xen-${PV}" +fi + +inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass} + +DESCRIPTION="Xend daemon and tools" +HOMEPAGE="http://xen.org/" +DOCS=( README docs/README.xen-bugtool ) + +LICENSE="GPL-2" +SLOT="0" +# TODO soon; ocaml up for a potential name change +IUSE="api custom-cflags debug doc flask hvm ocaml qemu pygrub screen static-libs xend" + +REQUIRD_USE="hvm? ( qemu )" + +CDEPEND="<dev-libs/yajl-2 + dev-python/lxml[${PYTHON_USEDEP}] + dev-python/pypam[${PYTHON_USEDEP}] + dev-python/pyxml[${PYTHON_USEDEP}] + sys-libs/zlib + sys-power/iasl + ocaml? ( dev-ml/findlib ) + hvm? ( media-libs/libsdl ) + ${PYTHON_DEPS} + api? ( dev-libs/libxml2 + net-misc/curl ) + ${PYTHON_DEPS} + pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )" +DEPEND="${CDEPEND} + dev-lang/perl + app-misc/pax-utils + doc? ( + app-doc/doxygen + dev-tex/latex2html[png,gif] + media-gfx/transfig + media-gfx/graphviz + dev-tex/xcolor + dev-texlive/texlive-latexextra + virtual/latex-base + dev-tex/latexmk + dev-texlive/texlive-latex + dev-texlive/texlive-pictures + dev-texlive/texlive-latexrecommended + ) + hvm? ( x11-proto/xproto + sys-devel/bin86 + sys-devel/dev86 + )" +RDEPEND="${CDEPEND} + sys-apps/iproute2 + net-misc/bridge-utils + ocaml? ( >=dev-lang/ocaml-3.12.0 ) + screen? ( + app-misc/screen + app-admin/logrotate + ) + virtual/udev" + +# hvmloader is used to bootstrap a fully virtualized kernel +# Approved by QA team in bug #144032 +QA_WX_LOAD="usr/lib/xen/boot/hvmloader" + +RESTRICT="test" + +pkg_setup() { + python-single-r1_pkg_setup + export "CONFIG_LOMOUNT=y" + + if has_version dev-libs/libgcrypt; then + export "CONFIG_GCRYPT=y" + fi + + if use qemu; then + export "CONFIG_IOEMU=y" + else + export "CONFIG_IOEMU=n" + fi + + if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then + eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or" + eerror "an amd64 multilib profile is required. Remove the hvm use flag" + eerror "to build xen-tools on your current profile." + die "USE=hvm is unsupported on this system." + fi + + if [[ -z ${XEN_TARGET_ARCH} ]] ; then + if use x86 && use amd64; then + die "Confusion! Both x86 and amd64 are set in your use flags!" + elif use x86; then + export XEN_TARGET_ARCH="x86_32" + elif use amd64 ; then + export XEN_TARGET_ARCH="x86_64" + else + die "Unsupported architecture!" + fi + fi + + use api && export "LIBXENAPI_BINDINGS=y" + use flask && export "FLASK_ENABLE=y" +} + +src_prepare() { + # Drop .config, fixes to gcc-4.6 + epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch + + # Xend + if ! use xend; then + sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \ + -i tools/misc/Makefile || die "Disabling xend failed" + sed -e 's:^XEND_INITD:#XEND_INITD:' \ + -i tools/examples/Makefile || die "Disabling xend failed" + fi + + # if the user *really* wants to use their own custom-cflags, let them + if use custom-cflags; then + einfo "User wants their own CFLAGS - removing defaults" + + # try and remove all the default cflags + find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \ + -exec sed \ + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ + -i {} + || die "failed to re-set custom-cflags" + fi + + if ! use pygrub; then + sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die + fi + + # Disable hvm support on systems that don't support x86_32 binaries. + if ! use hvm; then + sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die + sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die + fi + + # Don't bother with qemu, only needed for fully virtualised guests + if ! use qemu; then + sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die + sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die + fi + + # Fix texi2html build error with new texi2html + epatch "${FILESDIR}"/${PN}-4-docfix.patch + + # Fix network broadcast on bridged networks + epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch" + + # Prevent the downloading of ipxe, seabios + epatch "${FILESDIR}"/${P/-tools/}-anti-download.patch + cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die + mv ../seabios-dir-remote tools/firmware/ || die + pushd tools/firmware/ > /dev/null + ln -s seabios-dir-remote seabios-dir || die + popd > /dev/null + + # Fix bridge by idella4, bug #362575 + epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch" + + # Don't build ipxe with pie on hardened, Bug #360805 + if gcc-specs-pie; then + cp -f "${FILESDIR}"/ipxe-nopie.patch tools/firmware/etherboot/patches/ || die + epatch "${FILESDIR}"/${PN}-4-add-nopie.patch + fi + + # Prevent double stripping of files at install + epatch "${FILESDIR}"/${P/-tools/}-nostrip.patch + + # fix jobserver in Makefile + epatch "${FILESDIR}"/${P/-tools/}-jserver.patch + + #Sec patches + epatch "${FILESDIR}"/xen-4-CVE-2012-4544-XSA-25.patch \ + "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch +} + +src_compile() { + export VARTEXFONTS="${T}/fonts" + local myopt + use debug && myopt="${myopt} debug=y" + + use custom-cflags || unset CFLAGS + if test-flag-CC -fno-strict-overflow; then + append-flags -fno-strict-overflow + fi + + unset LDFLAGS + unset CFLAGS + emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt} + + use doc && emake -C docs txt html + emake -C docs man-pages +} + +src_install() { + # Override auto-detection in the build system, bug #382573 + export INITD_DIR=/tmp/init.d + export CONFIG_LEAF_DIR=../tmp/default + + # Let the build system compile installed Python modules. + local PYTHONDONTWRITEBYTECODE + export PYTHONDONTWRITEBYTECODE + + emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" \ + install-tools + + # Fix the remaining Python shebangs. + python_fix_shebang "${D}" + + # Remove RedHat-specific stuff + rm -rf "${D}"tmp || die + + # uncomment lines in xl.conf + sed -e 's:^#autoballoon=1:autoballoon=1:' \ + -e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \ + -e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \ + -i tools/examples/xl.conf || die + + if use doc; then + emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" install-docs + + dohtml -r docs/html/ + docinto pdf + dodoc ${DOCS[@]} + [ -d "${D}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html + fi + + rm -rf "${D}"/usr/share/doc/xen/ + doman docs/man?/* + + if use xend; then + newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd" + fi + newconfd "${FILESDIR}"/xendomains.confd xendomains + newconfd "${FILESDIR}"/xenstored.confd xenstored + newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled + newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains + newinitd "${FILESDIR}"/xenstored.initd xenstored + newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled + + if use screen; then + cat "${FILESDIR}"/xendomains-screen.confd >> "${D}"/etc/conf.d/xendomains || die + cp "${FILESDIR}"/xen-consoles.logrotate "${D}"/etc/xen/ || die + keepdir /var/log/xen-consoles + fi + + # For -static-libs wrt Bug 384355 + if ! use static-libs; then + rm -f "${D}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a + fi + + # xend expects these to exist + keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen + + # for xendomains + keepdir /etc/xen/auto + + # Temp QA workaround + dodir "$(udev_get_udevdir)" + mv "${D}"/etc/udev/* "${ED}/$(udev_get_udevdir)" + rm -rf "${D}"/etc/udev + + # Remove files failing QA AFTER emake installs them, avoiding seeking absent files + find "${D}" \( -name openbios-sparc32 -o -name openbios-sparc64 \ + -o -name openbios-ppc -o -name palcode-clipper \) -delete || die +} + +pkg_postinst() { + elog "Official Xen Guide and the unoffical wiki page:" + elog " http://www.gentoo.org/doc/en/xen-guide.xml" + elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo" + + if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then + echo + ewarn "xend may not work when python is built with stack smashing protection (ssp)." + ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866" + ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug." + fi + + # TODO: we need to have the current Python slot here. + if ! has_version "dev-lang/python[ncurses]"; then + echo + ewarn "NB: Your dev-lang/python is built without USE=ncurses." + ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py." + fi + + if has_version "sys-apps/iproute2[minimal]"; then + echo + ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking" + ewarn "will not work until you rebuild iproute2 without USE=minimal." + fi + + if ! use hvm; then + echo + elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm" + elog "support enable the hvm use flag." + elog "An x86 or amd64 multilib system is required to build HVM support." + echo + elog "The qemu use flag has been removed and replaced with hvm." + fi + + if use xend; then + echo + elog "xend capability has been enabled and installed" + fi + + if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then + echo + elog "xensv is broken upstream (Gentoo bug #142011)." + elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed." + fi +} diff --git a/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild b/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild new file mode 100644 index 000000000000..6a4311894d39 --- /dev/null +++ b/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild @@ -0,0 +1,337 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild,v 1.1 2013/01/30 09:09:01 idella4 Exp $ + +EAPI=5 + +PYTHON_COMPAT=( python{2_6,2_7} ) +PYTHON_REQ_USE='xml,threads' + +IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz" +XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2" + +if [[ $PV == *9999 ]]; then + KEYWORDS="" + REPO="xen-unstable.hg" + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" + S="${WORKDIR}/${REPO}" + live_eclass="mercurial" +else + KEYWORDS="~amd64 ~x86" + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz + $IPXE_TARBALL_URL + $XEN_SEABIOS_URL" + S="${WORKDIR}/xen-${PV}" +fi + +inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass} + +DESCRIPTION="Xend daemon and tools" +HOMEPAGE="http://xen.org/" +DOCS=( README docs/README.xen-bugtool ) + +LICENSE="GPL-2" +SLOT="0" +# TODO soon; ocaml up for a potential name change +IUSE="api custom-cflags debug doc flask hvm qemu ocaml pygrub screen static-libs xend" + +REQUIRED_USE="hvm? ( qemu )" + +CDEPEND="<dev-libs/yajl-2 + dev-python/lxml[${PYTHON_USEDEP}] + dev-python/pypam[${PYTHON_USEDEP}] + dev-python/pyxml[${PYTHON_USEDEP}] + sys-libs/zlib + sys-power/iasl + ocaml? ( dev-ml/findlib ) + hvm? ( media-libs/libsdl ) + ${PYTHON_DEPS} + api? ( dev-libs/libxml2 + net-misc/curl ) + ${PYTHON_DEPS} + pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )" +DEPEND="${CDEPEND} + dev-lang/perl + app-misc/pax-utils + doc? ( + app-doc/doxygen + dev-tex/latex2html[png,gif] + media-gfx/transfig + media-gfx/graphviz + dev-tex/xcolor + dev-texlive/texlive-latexextra + virtual/latex-base + dev-tex/latexmk + dev-texlive/texlive-latex + dev-texlive/texlive-pictures + dev-texlive/texlive-latexrecommended + ) + hvm? ( x11-proto/xproto + sys-devel/bin86 + sys-devel/dev86 + )" +RDEPEND="${CDEPEND} + sys-apps/iproute2 + net-misc/bridge-utils + ocaml? ( >=dev-lang/ocaml-3.12.0 ) + screen? ( + app-misc/screen + app-admin/logrotate + ) + virtual/udev" + +# hvmloader is used to bootstrap a fully virtualized kernel +# Approved by QA team in bug #144032 +QA_WX_LOAD="usr/lib/xen/boot/hvmloader" + +RESTRICT="test" + +pkg_setup() { + python-single-r1_pkg_setup + export "CONFIG_LOMOUNT=y" + + if has_version dev-libs/libgcrypt; then + export "CONFIG_GCRYPT=y" + fi + + if use qemu; then + export "CONFIG_IOEMU=y" + else + export "CONFIG_IOEMU=n" + fi + + if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then + eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or" + eerror "an amd64 multilib profile is required. Remove the hvm use flag" + eerror "to build xen-tools on your current profile." + die "USE=hvm is unsupported on this system." + fi + + if [[ -z ${XEN_TARGET_ARCH} ]] ; then + if use x86 && use amd64; then + die "Confusion! Both x86 and amd64 are set in your use flags!" + elif use x86; then + export XEN_TARGET_ARCH="x86_32" + elif use amd64 ; then + export XEN_TARGET_ARCH="x86_64" + else + die "Unsupported architecture!" + fi + fi + + use api && export "LIBXENAPI_BINDINGS=y" + use flask && export "FLASK_ENABLE=y" +} + +src_prepare() { + # Drop .config, fixes to gcc-4.6 + epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch + + # Xend + if ! use xend; then + sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \ + -i tools/misc/Makefile || die "Disabling xend failed" + sed -e 's:^XEND_INITD:#XEND_INITD:' \ + -i tools/examples/Makefile || die "Disabling xend failed" + fi + + # if the user *really* wants to use their own custom-cflags, let them + if use custom-cflags; then + einfo "User wants their own CFLAGS - removing defaults" + + # try and remove all the default cflags + find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \ + -exec sed \ + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ + -i {} + || die "failed to re-set custom-cflags" + fi + + if ! use pygrub; then + sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die + fi + + # Disable hvm support on systems that don't support x86_32 binaries. + if ! use hvm; then + sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die + sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die + fi + + # Don't bother with qemu, only needed for fully virtualised guests + if ! use qemu; then + sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die + sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die + fi + + # Fix texi2html build error with new texi2html + epatch "${FILESDIR}"/${PN}-4-docfix.patch + + # Fix network broadcast on bridged networks + epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch" + + # Prevent the downloading of ipxe, seabios + epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch + cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die + mv ../seabios-dir-remote tools/firmware/ || die + pushd tools/firmware/ > /dev/null + ln -s seabios-dir-remote seabios-dir || die + popd > /dev/null + + # Fix bridge by idella4, bug #362575 + epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch" + + # Don't build ipxe with pie on hardened, Bug #360805 + if gcc-specs-pie; then + cp -f "${FILESDIR}"/ipxe-nopie.patch tools/firmware/etherboot/patches/ || die + epatch "${FILESDIR}"/${PN}-4-add-nopie.patch + fi + + # Prevent double stripping of files at install + epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch + + # fix jobserver in Makefile + epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch + + #Sec patch, currently valid + epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch +} + +src_compile() { + export VARTEXFONTS="${T}/fonts" + local myopt + use debug && myopt="${myopt} debug=y" + + use custom-cflags || unset CFLAGS + if test-flag-CC -fno-strict-overflow; then + append-flags -fno-strict-overflow + fi + + unset LDFLAGS + unset CFLAGS + emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt} + + use doc && emake -C docs txt html + emake -C docs man-pages +} + +src_install() { + # Override auto-detection in the build system, bug #382573 + export INITD_DIR=/tmp/init.d + export CONFIG_LEAF_DIR=../tmp/default + + # Let the build system compile installed Python modules. + local PYTHONDONTWRITEBYTECODE + export PYTHONDONTWRITEBYTECODE + + emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" \ + XEN_PYTHON_NATIVE_INSTALL=y install-tools + + # Fix the remaining Python shebangs. + python_fix_shebang "${ED}" + + # Remove RedHat-specific stuff + rm -rf "${ED}"tmp || die + + # uncomment lines in xl.conf + sed -e 's:^#autoballoon=1:autoballoon=1:' \ + -e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \ + -e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \ + -i tools/examples/xl.conf || die + + if use doc; then + emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs + + dohtml -r docs/ + docinto pdf + dodoc ${DOCS[@]} + [ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html + fi + + rm -rf "${ED}"/usr/share/doc/xen/ + doman docs/man?/* + + if use xend; then + newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd" + fi + newconfd "${FILESDIR}"/xendomains.confd xendomains + newconfd "${FILESDIR}"/xenstored.confd xenstored + newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled + newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains + newinitd "${FILESDIR}"/xenstored.initd xenstored + newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled + + if use screen; then + cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die + cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die + keepdir /var/log/xen-consoles + fi + + # For -static-libs wrt Bug 384355 + if ! use static-libs; then + rm -f "${ED}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a + fi + + # xend expects these to exist + keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen + + # for xendomains + keepdir /etc/xen/auto + + # Temp QA workaround + dodir "$(udev_get_udevdir)" + mv "${ED}"/etc/udev/* "${ED}/$(udev_get_udevdir)" + rm -rf "${ED}"/etc/udev + + # Remove files failing QA AFTER emake installs them, avoiding seeking absent files + find "${ED}" \( -name openbios-sparc32 -o -name openbios-sparc64 \ + -o -name openbios-ppc -o -name palcode-clipper \) -delete || die +} + +pkg_postinst() { + elog "Official Xen Guide and the unoffical wiki page:" + elog " http://www.gentoo.org/doc/en/xen-guide.xml" + elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo" + + if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then + echo + ewarn "xend may not work when python is built with stack smashing protection (ssp)." + ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866" + ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug." + fi + + # TODO: we need to have the current Python slot here. + if ! has_version "dev-lang/python[ncurses]"; then + echo + ewarn "NB: Your dev-lang/python is built without USE=ncurses." + ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py." + fi + + if has_version "sys-apps/iproute2[minimal]"; then + echo + ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking" + ewarn "will not work until you rebuild iproute2 without USE=minimal." + fi + + if ! use hvm; then + echo + elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm" + elog "support enable the hvm use flag." + elog "An x86 or amd64 multilib system is required to build HVM support." + echo + elog "The qemu use flag has been removed and replaced with hvm." + fi + + if use xend; then + echo + elog "xend capability has been enabled and installed" + fi + + if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then + echo + elog "xensv is broken upstream (Gentoo bug #142011)." + elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed." + fi +} |